Murphy's laws of cryptography
-
Cryptography turns a security problem into a key management problem.
-
New cryptography generates new attacks.
-
If it's provably secure, it's probably not.
-
Any large enough system will include broken cryptography.
-
Any attempt to standardize will instead lead to massive fragmentation.
-
Any new standard is obsolete.
-
Broken in theory does not imply broken in practice, and vice-versa.
-
There's always a trusted third-party.
-
What sounds like a solution now will create more problems later:
- "Just use an HSM."
- "Assume a PKI is available."
- "Assume a broadcast channel."
- "Assume little-endianness."
-
Come for the cryptography, stay for the DER and PEM encodings.
-
Any new cryptography API will use different conventions than all
existing cryptography APIs.
As crowdsourced
on Twitter.
See other Murphy's laws.